laptop hardware problems
tjj107
Account closed as per user's own request
16. August 2006 @ 05:56
ok here is the log after i deleted anti vi: please help cos its gettin soo annoyin now!
Logfile of HijackThis v1.99.1
Scan saved at 14:53:29, on 16/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Power Manager\PM.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HjL\hijack\Hijack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ProgramPath] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxu...
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tjj107tomjj1989.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
tOm
Senior Member
16. August 2006 @ 06:30
Ok, I'm with you.
However I do actually have to deal with something right now, if you'll be patient I will get to you in an hour or two.
In the meanwhile:
* Do not take instructions from anyone else.
* Do not ask at another site.
And yes, installing some more RAM will make it considerably faster, it's definitely worth a crack.
tjj107
Account closed as per user's own request
16. August 2006 @ 07:39
ok i will wait then :)
tOm
Senior Member
16. August 2006 @ 08:09
tjj107
Account closed as per user's own request
16. August 2006 @ 08:51
ok i did the first two but when i try the third one it never loads. nothing came up with the first two so does that mean i am screwed?!
tOm
Senior Member
16. August 2006 @ 09:44
Nah, you're not screwed just yet :-)
If Trend Micro didn't work you can scan with any of these:
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/actives..._principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
Update Your OS
Please visit Microsoft's Windows Update page and install ALL Critical Updates for your system.
http://download.microsoft.com/downlo...p1a_en_x86.exe
Validate System Files
Go to the Run box on the Start Menu and type in or copy/paste sfc /scannow (there is a space between sfc and /)
This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem. If any problems are found, you will be prompted to insert the Windows XP install disc so have it handy.
The following should appear to give an indication of how long the process is taking.
Check the Event Viewer
Let's have a look at Windows Event Viewer. It might give us a clue as to what is causing these issues.
Go to Start > Run - type in eventvwr <Press Enter>
This is a picture of what the event viewer looks like.
You will see Application, Security & System listed in the left pane.
1. In the left pane click on Application.
2. Click the gray title "Type" at the top of the source name column in the right pane to sort by type name, look for "Error" & double-click on the most recent 5, and evaluate the event description for any indication of the cause of the problem.
3. Make note of the Description, EventID and Source of these Event Properties.
4. From the right pane, double-click on the line where it says error & you should get a window like the example below:
5. In the upper right corner of this picture, you should see 2 arrows. One is pointing up & the other, pointing down, there is another button below the 2 arrows. Click once on it. (this will copy some information to clipboard)
6. Open notepad & paste the info in there. This will copy the event information to the clipboard. Paste the information for each event here
Repeat steps 1-6 for System
Your actual issue is with your laptop's touch pad right?
It's just the fact that it works well in safe mode that's confusing, the fact that you said your pc also shuts off directed me to think of it being malware.
Thank you for your cooperation, we will have your computer sorted in no time :-)
This message has been edited since posting. Last time this message was edited on 16. August 2006 @ 09:48
tjj107
Account closed as per user's own request
16. August 2006 @ 10:37
ok i will definitely try that- thanks! and yes its the touchpad that sometimes doesnt work and also the computer freezes for like 10 mins about 20 mins after it is turned on but i have neither of these problems when i run it in safe mode. right im gona go do all those things and i will get back to you with the results, thanks
tOm
Senior Member
16. August 2006 @ 12:08
Hey Rav-
I am a little confused about the safe mode issue myself. I thought for sure it was a Trojan, or malware issue. I know of another program you might have him run and post a log for. It is called StartupList. You can download it from: http://www.spywareinfo.com/~merijn/downloads.html
I only suggest this because maybe there is something in the startup programs that is causing this issue. It's worth a try.
tjj107
Account closed as per user's own request
16. August 2006 @ 13:21
right i used that panda scan fing and it came up saying:
Incident Status Location
Virus:Bck/Haxdoor.MF Disinfected C:\17656179226.exe
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt[.com.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tom\Cookies\tom@atdmt[1].txt
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MSN Messenger\riched20.dll
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:Application/MyWebSearch
but it wont delete them unless i pay £20!!! are these viruses genuine or just something the company made up?! :s it said i had one virus and like 5 spywares! help!
tOm
tjj107
Account closed as per user's own request
16. August 2006 @ 14:32
ok im kinda lost when it comes to this event log fing. i did the fing u asked to do before with the windows XP cd but i am kinda lost when it comes to this event log- by that i mean i can do it but it doesnt return anything useful- just unresponsive programs or webpages, no hardware or anyfin. what do i do now?! thanks!
tOm
Senior Member
16. August 2006 @ 15:51
Okay, rav can help you with the virus issue. I wanted to see if you would do the following.
1) Start-> All Programs-> Accessories-> Windows Explorer. This will open a new window. Now select Tools-> Folder Options and a window will open. Select the tab that says, "View". Under that tab in the advanced settings box you will see a folder called, "Hidden files and folders". Under that folder there are two radio buttons. Select the one that says, "Show hidden files and folders". Now select Apply and then OK.
Now remember after you have finished with these steps to change it back.
Notice the left pane and right pane. In the left pane go to My Computer-> Local Disk (C:)-> Documents and Settings-> Your User Name-> Local Settings-> Temp. Delete everything in that folder. There may be a couple of things that can't be deleted but that is okay.
2) You can scroll farther down in the explorer and find another folder called temp. Remove all of the items there.
3) Now scroll down to Windows-> Cache and delete all.
4) Now Windows-> Temp and delete all.
Now be sure before you close the Explorer window to set the view items back to the original position. Now a couple of the items that you had in that file were Firefox items. These items are not bad, but they may be removed. Reboot in safe mode and run Spybot again. It will find items that belong to Firefox that are not needed. Go ahead and remove them.
Oh yeah, before I forget go ahead and open up IE and go to tools-> options (or browser options)-> "..." somewhere in there you will be able to delete cache, cookies, temporary Internet files, URL's etc. Go ahead and remove everything. Make sure that Firefox is set as your default browser. You can do that from the tools-> options menu also. After you have done all of that run another scan and see what it says. I prefer Trend Micro: http://www.trendmicro.com/hc_intro/default.asp But I believe you said that it wouldn't work for you. Maybe try it one more time.
tjj107
Account closed as per user's own request
17. August 2006 @ 02:01
yeh i did all the things u said syxguns but that trend micro still doesnt work for me and when i tried another one that rav suggested, it found spyware but wouldnt delete them. do you know any more sites i can use? thanks
tOm
tjj107
Account closed as per user's own request
17. August 2006 @ 02:27
ok rav ,here is what you wanted me to do. i did it with 'system' part of the event log:
THIS PROBLEM COMES UP LOADS OF TIMES ON THERE: (COULD THIS BE THE PROBLEM WITH THE FREEZING BECAUSE WHEN IT FREEZES, THE HARD DISK LIGHT STAYS ON AND THIS IS ABOUT THE HARD DISK?)
Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 31/07/2006
Time: 21:22:03
User: N/A
Computer: TOMJ-JSCOMPUTER
Description:
The device, \Device\Harddisk0\D, has a bad block.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data:
AND ALSO THIS PROBLEM COMES UP A FEW TIMES:
Event Type: Error
Event Source: atapi
Event Category: None
Event ID: 9
Date: 31/07/2006
Time: 21:25:27
User: N/A
Computer: TOMJ-JSCOMPUTER
Description:
The device, \Device\Ide\IdePort0, did not respond within the timeout period.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data:
AND THIS COMES UP A FEW TIMES:
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 02/08/2006
Time: 21:16:54
User: TOMJ-JSCOMPUTER\Tom
Computer: TOMJ-JSCOMPUTER
Description:
The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
this is what windows told me about the first bit of info i wrote above (the hard disk) :
Details
Product: Windows Operating System
Event ID: 7
Source: Disk
Version: 5.2
Symbolic Name: IO_ERR_BAD_BLOCK
Message: The device, %1, has a bad block.
Explanation
The device has a bad block of memory, which Windows attempted to read. The data might be missing or corrupted.
User Action
If this event is logged regularly, replace the hard disk drive.
what do you think?
tOm
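Added example, not part of the thread: a Python script that parses Event Properties text in the layout pasted in the post above and counts the storage-related errors it shows (Disk event 7, atapi event 9), following the quoted guidance that a regularly logged bad-block event points at the hard disk. The sample records, the EXAMPLE-PC name, the make_record helper and the threshold of 3 are constructed assumptions.

```python
"""Triage Windows Event Viewer records that were pasted as plain text."""
import re
from collections import Counter, defaultdict

FIELD = re.compile(r"^(Event Type|Event Source|Event ID|Date|Time|Computer):\s*(.*)$")
HEXDUMP = re.compile(r"^[0-9a-fA-F]{4}:\s")      # "0000: 03 00 ..." data rows
DEVICE = re.compile(r"The device, (\S+?),")       # device path in the description

# (source, event id) pairs seen in the thread that point at storage hardware.
STORAGE_EVENTS = {("disk", 7): "bad block", ("atapi", 9): "IDE port timeout"}
REPEAT_THRESHOLD = 3  # assumption: how many hits count as "logged regularly"


def parse_events(text):
    """Split pasted text into one dict per event, ignoring hex data and chatter."""
    events, cur, in_desc = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Event Type:"):        # a new record starts here
            cur = {"Description": ""}
            events.append(cur)
            in_desc = False
        if cur is None or not line:
            continue
        if line.startswith("Description:"):
            in_desc = True
            cur["Description"] = line[len("Description:"):].strip()
            continue
        if in_desc:
            # The description ends at the help link, the Data: marker or a hex row.
            if (line.startswith("For more information")
                    or line.startswith("Data:") or HEXDUMP.match(line)):
                in_desc = False
            else:
                cur["Description"] = (cur["Description"] + " " + line).strip()
            continue
        m = FIELD.match(line)
        if m:
            cur[m.group(1)] = m.group(2)
    return events


def triage(text):
    """Count Error events per (source, id) and judge the storage-related ones."""
    counts, devices = Counter(), defaultdict(set)
    for ev in parse_events(text):
        if ev.get("Event Type", "").lower() != "error":
            continue
        try:
            key = (ev.get("Event Source", "").lower(), int(ev.get("Event ID", "")))
        except ValueError:                        # missing or non-numeric event id
            continue
        counts[key] += 1
        if key in STORAGE_EVENTS:
            m = DEVICE.search(ev["Description"])
            if m:
                devices[key].add(m.group(1))
    storage = {k: n for k, n in counts.items() if k in STORAGE_EVENTS}
    total = sum(storage.values())
    if total >= REPEAT_THRESHOLD:
        verdict = "storage-hardware-suspect"
    elif total:
        verdict = "storage-errors-seen"
    else:
        verdict = "no-storage-errors"
    return {"counts": dict(counts), "storage": storage,
            "devices": {k: sorted(v) for k, v in devices.items()},
            "verdict": verdict}


def make_record(source, event_id, description, with_data=True):
    """Build one constructed record in the clipboard layout (sample data only)."""
    lines = ["Event Type: Error", f"Event Source: {source}", "Event Category: None",
             f"Event ID: {event_id}", "Date: 01/01/2006", "Time: 12:00:00",
             "User: N/A", "Computer: EXAMPLE-PC", "Description:", description,
             "For more information, see Help and Support Center."]
    if with_data:
        lines += ["Data:", "0000: 03 00 68 00 01 00 b6 00 ..h....."]
    return "\n".join(lines)


# Constructed sample: three bad-block events, one IDE timeout, one DCOM timeout,
# with a line of user commentary between records as in the forum post.
SAMPLE = "\n".join(
    [make_record("Disk", 7, r"The device, \Device\Harddisk0\D, has a bad block.")] * 3
    + ["AND ALSO THIS PROBLEM COMES UP A FEW TIMES:"]
    + [make_record("atapi", 9,
                   r"The device, \Device\Ide\IdePort0, did not respond within the timeout period.")]
    + [make_record("DCOM", 10010,
                   "The server {00000000-0000-0000-0000-000000000000} did not register "
                   "with DCOM within the required timeout.", with_data=False)]
)

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result["verdict"])
    for (source, event_id), n in sorted(result["storage"].items()):
        print(f"{source} {event_id} x{n}: {STORAGE_EVENTS[(source, event_id)]}")
```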
Senior Member
17. August 2006 @ 02:46
Hey tjj107 :-)
Now we may be getting somewhere, I did a Panda scan myself, now they find infections, but don't remove them, which is a bit sad.
But now we know there is malware present, let's try a BitDefender online scan, HjT didn't show anything, there are a few more things we can try, but BitDefender may be able to provide us with an insight.
BitDefender Online Scan
http://www.bitdefender.com/scan8/ie.html
We may as well also see if Ewido shows us any infections:
Ewido Anti-Spyware Free :
http://free.grisoft.com/doc/5390/lng/us/tpl/v5#ewido-free
Save the logs from BOTH Ewido and BitDefender if anything is found and reply here:
Also, please help me help you, follow this post:
http://forums.afterdawn.com/thread_view.cfm/2/379472#2288451
You didn't properly post the event viewer errors, read more closely and reply.
In your next post I want:
*Ewido Report
*BitDefender Report
*Sfc /scannow result.
*OS update info (whether or not you did)
Do not reply until you have all of them ready, thanks for your cooperation, we are getting there :-)
tjj107
Account closed as per user's own request
17. August 2006 @ 07:08
here are the 2 online scans (its a lot)!
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 14:12:16 17/08/2006
+ Scan result:
:mozilla.57:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.58:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.59:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.60:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.61:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.115:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.123:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.36:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.37:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.38:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.104:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.105:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.106:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.107:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.78:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.79:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.80:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.81:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.112:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.113:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\i5iastcl.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
::Report end
BitDefender Online Scanner
Scan report generated at: Thu, Aug 17, 2006 - 16:04:25
Scan path: C:\Documents and Settings\Tom\My Documents;C:\Documents and Settings\All Users\Documents;C:\;
Statistics
Time: 01:50:29
Files: 139955
Folders: 3305
Boot Sectors: 2
Archives: 1339
Packed Files: 5903
Results
Identified Viruses: 5
Infected Files: 29
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 56
Engines Info
Virus Definitions: 449601
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 5
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12B07959.exe=>(Quarantine-2)
Infected with: Trojan.Dropper.Winad.H
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12B07959.exe=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12B07959.exe=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12CA493C.exe=>(Quarantine-2)
Infected with: Trojan.Dropper.Winad.H
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12CA493C.exe=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12CA493C.exe=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24900835.tmp=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24900835.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24900835.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24FC71BE.tmp=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24FC71BE.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24FC71BE.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25D01AD5.tmp=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25D01AD5.tmp=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25D01AD5.tmp=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\278439A3.exe=>(Quarantine-2)
Infected with: Trojan.Dropper.Winad.H
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\278439A3.exe=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\278439A3.exe=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\392A339A=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\392A339A=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\392A339A=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39587F68=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39587F68=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39587F68=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39617D5D=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39617D5D=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39617D5D=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39685156=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39685156=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39685156=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\396B7B52=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\396B7B52=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\396B7B52=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39724F4B=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39724F4B=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39724F4B=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397C4D40=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397C4D40=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397C4D40=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39822139=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39822139=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39822139=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39897532=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39897532=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39897532=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\398C1F2E=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\398C1F2E=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\398C1F2E=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E115040.exe=>(Quarantine-2)
Infected with: Win32.Worm.VB.DW
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E115040.exe=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E115040.exe=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E172439.exe=>(Quarantine-2)
Infected with: Win32.Worm.VB.DW
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E172439.exe=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E172439.exe=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44E3282F.js=>(Quarantine-2)
Infected with: Js.Sillydownloader.AA
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44E3282F.js=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44E3282F.js=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52414DFD=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52414DFD=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52414DFD=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\598A08A6.exe=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\598A08A6.exe=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\598A08A6.exe=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59973098.exe=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59973098.exe=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59973098.exe=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C657408.exe=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C657408.exe=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C657408.exe=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C9F67C7.exe=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C9F67C7.exe=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C9F67C7.exe=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D61666C.exe=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D61666C.exe=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D61666C.exe=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68D029C0.exe=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68D029C0.exe=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68D029C0.exe=>(Quarantine-2)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7036499C.exe=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7036499C.exe=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7036499C.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{73BEEEF1-0022-4F18-9598-4003C12E34EB}\RP30\A0034847.exe=>wise0015
Detected with: Application.Adware.NewDotNet.B.Dropper
C:\System Volume Information\_restore{73BEEEF1-0022-4F18-9598-4003C12E34EB}\RP30\A0034847.exe=>wise0015
Deleted
C:\System Volume Information\_restore{73BEEEF1-0022-4F18-9598-4003C12E34EB}\RP30\A0034847.exe
Update failed
C:\System Volume Information\_restore{73BEEEF1-0022-4F18-9598-4003C12E34EB}\RP30\A0034848.exe=>wise0015
Detected with: Application.Adware.NewDotNet.B.Dropper
C:\System Volume Information\_restore{73BEEEF1-0022-4F18-9598-4003C12E34EB}\RP30\A0034848.exe=>wise0015
Deleted
C:\System Volume Information\_restore{73BEEEF1-0022-4F18-9598-4003C12E34EB}\RP30\A0034848.exe
Update failed
tOm
Senior Member
|
17. August 2006 @ 08:25 |
Link to this message
|
Quote: In your next post I want:
*Ewido Report
*BitDefender Report
*Sfc /scannow result.
*OS update info (whether or not you did)
Do not reply until you have all of them ready, thanks for your cooperation, we are getting there :-)
You may have missed that part :-)
Also, the log shows nothing too special, only stuff that's already in quarantine.
But, it may be a good idea to run them in safe mode with networking:
How to Boot into Safe Mode
Reboot the machine and wait for the beep.
*Rapidly press F8 key until a menu of boot options appears
*Select Safe Mode With Networking
NOTE: If you still have trouble booting into Safe Mode with the F8 method above, please see:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/20010524...
Run an Ewido Anti Malware scan along with a Trend Micro online scan.
Try running Trend Micro in IE this time, some browsers like Firefox do not have ActiveX support :-)
Save the logs and show me then.
In your next post I want:
*Ewido Report
*Trend Micro Report
*Sfc /scannow result.
*OS update info (whether or not you did)
Do not reply until you have all of them ready, thanks for your cooperation, we are getting there :-)
This message has been edited since posting. Last time this message was edited on 17. August 2006 @ 08:26
|
|
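An added example (not part of either post, and not any scanner's own tooling): a small Python triage over the two-line path/status layout of the log above. It buckets each flagged object as AV quarantine, System Restore or live filesystem, and lists anything on the live disk or whose last recorded action is not `Deleted`. The sample input is constructed, and `classify`, `parse` and `triage` are hypothetical names.

```python
import re
from collections import defaultdict
# Constructed sample: two objects reuse lines from the log above; C:\Temp\... is invented.
SAMPLE = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39617D5D=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39617D5D=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39617D5D=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{73BEEEF1-0022-4F18-9598-4003C12E34EB}\RP30\A0034847.exe=>wise0015
Detected with: Application.Adware.NewDotNet.B.Dropper
C:\System Volume Information\_restore{73BEEEF1-0022-4F18-9598-4003C12E34EB}\RP30\A0034847.exe=>wise0015
Deleted
C:\System Volume Information\_restore{73BEEEF1-0022-4F18-9598-4003C12E34EB}\RP30\A0034847.exe
Update failed
C:\Temp\constructed-sample.exe
Infected with: Win32.Vb.AN@mm
"""
PATH = re.compile(r"^[A-Za-z]:\\")
DETECT = re.compile(r"^(?:Infected|Detected) with:\s*(.+)$")

# Bucket an object by where it sits on disk.
def classify(path):
    p = path.lower()
    if "\\quarantine\\" in p:
        return "av-quarantine"
    return "system-restore" if "\\system volume information\\_restore" in p else "live"

def parse(text):
    """Group each status line under the object path printed before it."""
    objs, cur = defaultdict(lambda: {"threats": set(), "actions": []}), None
    for line in filter(None, map(str.strip, text.splitlines())):
        if PATH.match(line):
            cur = line.split("=>", 1)[0]  # drop the container/member suffix
        elif cur and (m := DETECT.match(line)):
            objs[cur]["threats"].add(m.group(1))
        elif cur:
            objs[cur]["actions"].append(line)
    return objs

def triage(text):
    """Count objects per location; list live objects and those not ending in 'Deleted'."""
    counts, follow_up = defaultdict(int), []
    for path, rec in parse(text).items():
        loc = classify(path)
        counts[loc] += 1
        if loc == "live" or rec["actions"][-1:] != ["Deleted"]:
            follow_up.append((loc, path, sorted(rec["threats"])))
    return dict(counts), follow_up
```
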